You are browsing a read-only backup copy of Wikitech. The primary site can be found at

Help:SSH Fingerprints

From Wikitech-static
Revision as of 17:15, 12 October 2015 by imported>Alex Monk (uh, v6.8 actually -
Jump to navigation Jump to search

To find this information, locally you can just run this:

for file in /etc/ssh/*; do ssh-keygen -lf $file; done

Remotely (and to format it for these pages), something like this should work:

import sys
if len(sys.argv) == 0:
	print('Must specify hostname')
hostname = sys.argv[1]
port = 22
if len(sys.argv) > 2:
	port = sys.argv[2]

import collections, subprocess, tempfile
with tempfile.NamedTemporaryFile() as tf:
	keyscanCommand = 'ssh-keyscan', '-t', 'rsa,ecdsa,ed25519', '-p', str(port), hostname, stdout = tf.file, stderr = open('/dev/null'))

	fingerprints = collections.defaultdict(list)
	for fingerprintHash in ['md5', 'sha256']:
		keygenCommand = ['ssh-keygen', '-l', '-E', fingerprintHash, '-f',]
		keygenProcess = subprocess.Popen(keygenCommand, stdout = subprocess.PIPE)
		stdout, stderr = keygenProcess.communicate()
		for line in stdout.decode('ascii').splitlines():
			bitlen, fingerprint, hostname, type = line.split(' ')

	for type, keys in fingerprints.items():
		print(';' + type + ':')
		for key in keys:
			print('* <code>' + key + '</code>')

Assuming you have OpenSSH 6.8+ (unlikely as of writing). If you don't, you'll need to get rid of the 'sha256' list entry and remove the "'-E', fingerprintHash, ".